1. Field of the Invention
The present invention relates to a communication system using a home gateway device to be provided at a home network and an access server for controlling accesses to the home gateway device.
2. Description of the Related Art
In conjunction with the rapid spread of digital home electronics, the so called “home network” for connecting home electronic devices together is becoming popular quickly. This is the phenomenon that is not limited to any particular fields, as exemplified by the IEEE 1394 for AV devices, the Echonet for home electronics, the Ethernet or USB for PCs and peripheral devices, etc.
There is a trend to connect such home networks with the Internet and provide the Internet connection function to the home electronic devices or enable control of the home electronic devices from the Internet. To this end, there is a need for a device called “home gateway” which is to be located between the home network and the public network (Internet) as an ingress node of the home network. The home gateway is generally equipped with a protocol conversion function (the so called gateway function) besides the home router function, because many devices that cannot understand the Internet protocol are expected to be existing on the home network.
Using such a device, it is expected that the remote controlling of devices on the home network from the Internet becomes possible.
In this case, it is also expected that the security will become a potential problem. Namely, it is necessary to assume the presence of many malicious users (users who are likely to commit improper or illegal acts with respect to specific or unspecified communication devices or networks, or users who can potentially commit such improper or illegal acts, for example) on the Internet, and it is necessary to anticipate potential attacks from such malicious users.
In the case of the enterprise network, it has been customary to provide a “firewall” as an ingress node of the enterprise network so as to block the attacks from the malicious users there. However, this method presumes the existence of a “network manager” of the enterprise network who is responsible for the management tasks regarding the security such as a task of making appropriate setting regarding the security and a task of executing repair software (patch program) which is updated and distributed daily.
In this regard, in the case of the home network, it is practically unrealistic to require the existence of a network manager who can make appropriate setting regarding the security with respect to the home gateway in a general user's home. Consequently, as far as the home network is concerned, it is impossible to use the general technique for preventing attacks from the malicious users by the firewall or the like as in the enterprise network where it is possible to require the existence of the network manager.